Security experts sounded the alarm this week over new zero-day attacks against Microsoft's long-suffering Internet Explorer browser, and with good reason.
The digital underground is using the Vector Markup Language (VML) flaw to drop a variety of malware onto vulnerable Windows machines, with the apparent objective of building more botnets. Several attacks originated from a series of pornographic Web sites based in Russia.
Microsoft took the threat seriously enough to issue an advisory via its Web site.
The other medium Microsoft and other vendors are using is the blogosphere. Once used primarily by security researchers and pundits, blogs are now where vendors post their advisories with increasing frequency. In fact, Microsoft issued its IE advisory on the Microsoft Security Response Center blog as well as on its Web site.
Vendors have typically gotten their alerts out by way of Web site and email advisories. That's still the case, of course, but the blogosphere has become a place where they can get the word out even faster, and to a wider audience.
Between the blogs kept by vendors and those kept by an increasing number of security researchers and IT professionals, it's becoming much easier to get a quick fix on a new threat and how to defend against it. Indeed, there was no shortage of advice this week on how to deal with the Internet Explorer threat.
In a SecuriTeam blog entry, researcher Matthew Murphy examined Microsoft's suggested workarounds and added his own advice. Microsoft has suggested customers mitigate the threat by:
- Unregistering Vgx.dll on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1;
- Modifying the access control list on Vgx.dll to be more restrictive;
- Configuring Internet Explorer 6 on Microsoft Windows XP Service Pack 2 to disable binary and script behaviors in the Internet and local intranet security zones; and
- Reading email messages in plain text format to help protect systems from the HTML email attack vector.
While these are good workarounds, Murphy said, there are other things to keep in mind:
"The current in-the-wild exploits attempt system-wide software installations, as do most zero-day exploits for such vulnerabilities. If your browser is not running under an account with administrative privileges, this will not succeed," he said. "The most effective way to do this is for users to log on interactively with accounts running as limited users, rather than [running as] members of the privileged 'power users' or 'administrators' groups."
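A defender's audit of two of the mitigations discussed above, the restrictive ACL on Vgx.dll and Murphy's limited-user advice, as an added PowerShell example that is not from the article or from Microsoft's advisory; the Vgx.dll path is a placeholder, since the page does not give one.

```powershell
# Added example, not code from the article or from Microsoft's advisory.
# Audits two of the defences discussed above on the local machine:
#   1. whether the ACL on Vgx.dll explicitly denies the Everyone principal
#      (Microsoft's "more restrictive access control list" workaround);
#   2. whether the current interactive account is an administrator
#      (Murphy's point that system-wide installs fail under a limited user).
# $VgxPath is an assumption: the article gives no path, so set it for your host.
param(
    [string]$VgxPath = 'C:\PLACEHOLDER\Vgx.dll'   # placeholder, not the real location
)

function Test-VgxAclRestricted {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        # No file at the path: either the library was removed or the path is wrong.
        return [pscustomobject]@{ Present = $false; EveryoneDenied = $false }
    }
    $acl = Get-Acl -LiteralPath $Path
    # The workaround is in place when Everyone carries an explicit Deny entry.
    $deny = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq 'Everyone'
    }
    [pscustomobject]@{ Present = $true; EveryoneDenied = [bool]$deny }
}

function Test-RunningAsAdministrator {
    # True when the account the browser would run under is an administrator.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$aclState = Test-VgxAclRestricted -Path $VgxPath
$isAdmin  = Test-RunningAsAdministrator

if (-not $aclState.Present) {
    Write-Output "Vgx.dll not found at $VgxPath (check the path, or the library was removed)."
} elseif ($aclState.EveryoneDenied) {
    Write-Output 'Vgx.dll ACL workaround applied: Everyone is explicitly denied.'
} else {
    Write-Output 'Vgx.dll is still accessible; ACL workaround not applied.'
}

if ($isAdmin) {
    Write-Output 'Browser sessions from this account run with administrative rights.'
} else {
    Write-Output 'Account is a limited user; system-wide installs from the browser fail.'
}
```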
In his Liquidmatrix blog, security professional Dave Lewis reiterated some of the suggested workarounds, then suggested the problem would be a lot less severe if people could curb their appetite for online smut.
"An even easier way to avoid the problem [is] to avoid surfing porn sites …" he said.
The McAfee Avert Labs blog offered similar advice, recommending users "stay on the straight and narrow path while touring the Internet."